Server/mail/naming setup theory

Dan Jenkins dan at rastech.com
Sun Apr 18 11:51:02 EDT 2004


Jason Stephenson wrote:

> Dan Jenkins wrote:
>
>> In /etc/postfix/transport, add these lines:
>> aol.com smtp:[smtp.bur.adelphia.net]
>> netscape.net smtp:[smtp.bur.adelphia.net]
>> earthlink.net smtp:[smtp.bur.adelphia.net]
>> rcn.net smtp:[smtp.bur.adelphia.net]
>
> I missed a bit of that discussion, but does the above tell postfix to 
> actually relay through that server or does it tell postfix to "spoof" 
> that server on HELO?

It relays through each of them. That is what putting something in 
/etc/postfix/transport does. It defines where to transport email 
destined for that domain.

> If the latter, it won't work. 

Of course not. That would be just forging a mail header. That wouldn't 
solve the problem which was asked about.

> I've also configured my mail server at work to block incoming mail 
> from adsl, cable, and dial-up IPs and host names. This is because all 
> of the mail that we receive from those domains is spam. 

;-) Including mine? And Derek's? (Of course, ours goes through the list 
before getting to you.)

> When a machine connects to send us mail, our mail server does a 
> reverse DNS lookup on their IP. It ignores what is sent in the HELO, 
> unless the other machine is sending our own IP or host name in the 
> HELO, in which case the connection is rejected.

Do you just verify that there is a reverse DNS? Or do you verify that 
the reverse matches the forward? I'm curious.

When I started trying to block spam that way a few years ago, I had to 
remove that as being too aggressive. I found that most reverse DNS 
didn't map to their forward hostname. I also found that, at that time, 
many mail servers had hostnames which didn't resolve, or had no reverse 
DNS. This was from companies like Kollsman Instrument, Fidelity 
Investments, PSNH, etc. Out of the 15 members of the board of directors 
of a non-profit whom I ran the mail server for, 11 of them were unable 
to send email after blocking spam that way. (Whether this is a comment 
on the actual content of the board is another matter. ;-) I had to drop 
that level of spam blocking for the board to communicate with the 
non-profit's CEO. It is always a trade-off between blocking spam or 
losing a potential sale or important email. Most of my clients are more 
concerned about the latter than the former - of course, while still 
complaining about spam. (I had a client who almost lost a $50,000 deal 
due to a single missed email.)

> AOL is doing more or less the same thing with their servers.
>
> I have absolutely no problem with doing this because it cuts down on 
> the spam we receive and if you are trying to run your own mail server 
> over such an account, you are generally in technical violation of your 
> AUP.

I generally agree and use some of the same techniques myself. However, a 
great deal of trust is placed that the blocked IP ranges are valid. I 
administer several ranges of IP numbers which are listed, erroneously, 
as dynamic or dial-up according to either RCN.NET or AOL. These IPs are 
on T1 lines or in a co-lo; some going back over a decade. No one else, 
except AOL or RCN, block these ranges. (AOL and RCN don't block the same 
IPs either.) The IPs are not on any publicly available blocking list 
I've found. The ISP doesn't have them listed as dynamic. Neither AOL nor 
RCN has ever responded to any contacts regarding the problem - including 
certified mail. So, I have to use the transport approach above to move 
email from those perfectly valid email servers to a co-lo server 
elsewhere to deliver them. It's rather aggravating.

-- 
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century
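The reverse-DNS policy debated above (reject a HELO that claims our own name or IP, reject clients with no reverse DNS, reject ADSL/cable/dial-up style names, and optionally insist that the reverse name resolves back to the connecting IP) is written out below as an added example; it is not code from this thread or from Postfix. The DNS records, the policy label names and the "dynamic name" pattern are constructed for illustration, with socket-based resolvers included for real use.

```python
import re
import socket
# Constructed sample DNS records (documentation-range addresses, not real hosts)
# so the check runs offline; pass the socket-based resolvers below for real use.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.net"],        # reverse and forward agree
    "192.0.2.20": ["host20.dsl.example.org"],  # looks like a DSL pool name
    "192.0.2.30": ["mx.example.com"],          # reverse exists, forward points elsewhere
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.10"],
    "host20.dsl.example.org": ["192.0.2.20"],
    "mx.example.com": ["198.51.100.5"],
}
# Hypothetical pattern for "dynamic-looking" PTR names; tune it to local experience.
DYNAMIC_NAME = re.compile(r"\b(adsl|dsl|cable|dial|dyn|ppp|pool)\b", re.IGNORECASE)

def sample_resolve_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_resolve_a(name):
    return SAMPLE_A.get(name, [])

def real_resolve_ptr(ip):
    """PTR lookup via the system resolver; [] when the IP has no reverse DNS."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def real_resolve_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify_client(ip, helo, our_names,
                    resolve_ptr=sample_resolve_ptr, resolve_a=sample_resolve_a):
    """Return a policy label (label names are this example's own, not Postfix's)."""
    if helo.lower().strip("[]") in {n.lower() for n in our_names}:
        return "reject-helo-forgery"   # client claims to be our host name or IP
    names = resolve_ptr(ip)
    if not names:
        return "no-rdns"               # the lenient check stops here
    if any(DYNAMIC_NAME.search(n) for n in names):
        return "dynamic-name"          # ADSL/cable/dial-up style PTR name
    if any(ip in resolve_a(n) for n in names):
        return "fcrdns-ok"             # forward-confirmed: a PTR name resolves back to ip
    return "rdns-mismatch"             # only the strict check rejects this one
```

Treating "rdns-mismatch" as a reject is the aggressive setting described above; accepting it and rejecting only the first three labels is the looser policy that lets through legitimate servers whose forward and reverse records disagree.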